> Hi Mark, > > Mark Lumsden wrote on Thu, Sep 23, 2010 at 07:38:00AM +0000: > >> Add a check to the user supplied value of the local port. > [...] >> ok? > > No, not ok; i think the patch is incorrect. > > The pflag is passed to getaddrinfo(3): > > int > getaddrinfo(const char *hostname, const char *servname, const struct > addrinfo *hints, struct addrinfo **res); > > The servname is either a decimal port number or a service name > listed in services(5).
Good spot. Thanks. > > Thus, no input validation is desirable. > In fact, nc(1) already provides a (well, moderately) useful error > message when you provide a service not listed in services(5): > > schwa...@rhea $ nc -p murks localhost 30000 > nc: getaddrinfo: service not supported for ai_socktype > > Yours, > Ingo > > >> Index: netcat.c >> =================================================================== >> RCS file: /cvs/src/usr.bin/nc/netcat.c,v >> retrieving revision 1.98 >> diff -u -p -r1.98 netcat.c >> --- netcat.c 3 Jul 2010 04:44:51 -0000 1.98 >> +++ netcat.c 23 Sep 2010 07:13:51 -0000 >> @@ -174,6 +174,9 @@ main(int argc, char *argv[]) >> Pflag = optarg; >> break; >> case 'p': >> + strtonum(optarg, 1, PORT_MAX, &errstr); >> + if (errstr) >> + errx(1, "source port %s: %s", errstr, optarg); >> pflag = optarg; >> break; >> case 'r':